TLS in HTTP/2

I came across this blog post on Hacker News this morning. I thought it was a great blog post so I figured I would share it. Here there is a group of people that were trying to weaken the HTTP2 standard by not requiring TLS encryption in the standard as originally proposed and Google and Mozilla are working around that by requiring it for HTTP2 standard in their browsers. I think they are taking the right stand here as there is no excuse to not be encrypting anymore, and by them taking this stand it will encourage more people to get on board with TLS while at the same time getting the performance benefits of the new protocol.

On my site here I have the SPDY protocol enabled and hope to have full HTTP2 support as soon as nginx supports it. I did find it slightly ironic that the great blog poster mentioned about doesn’t actually have TLS enabled on his blog. Let’s go people it is 2015 time to secure your sites. Here is a story I found in the comments on the blog about the people who were working to undermine the new protocol also worth a read.